Global Cybersecurity Risk Analyst (Remote In The Us)

The Global Cybersecurity Risk Analyst candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly effective in the role. These skills and competencies include:

• Experience maintaining working relationships with individuals and groups involved in managing information risks across the organization.
• Assist with focused information risk assessments of existing or new services and technologies, along with business counterparts.
• Helping to identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
• Provides consultative advice to information governance or security teams that enables them to suggest informed risk management decisions.
• Collaborates, as appropriate, with information security, finance, compliance and/or disaster recovery and business continuity management and other risk functions to maintain an enterprise risk management program
• Communicates risk assessment findings to team owners and custodians of information risk “business partners,” or information governance teams and information security teams.
• Experience with coordinating vendor risk management frameworks, policies and processes within a broader enterprise, operational and IT risk management model
• Influences vendors and business partners to ensure compliance with risk management policies
• Contributes to the gathering of vendor risk assessment data and prepares risk assessments for critical-related vendors as needed, to be published and communicated to stakeholders
• Help to tracks identified risks and risk events
• Assist with coordinating the classification and tiering of vendors by risks and risk impacts
• Helps to identify and facilitate the implementation of appropriate controls to effectively manage information risks as needed.
• Understands and applies relevant regulatory and legal compliance requirements
• Assist with managing vendor risks as defined in vendor contracts and in accordance with existing risk management programs and policies
• Works with regulatory officers and auditors as necessary
• Ensures third- (and increasingly, fourth) party vendor regulatory compliance
• Develops, monitors and possibly executes vendor remediation actions, mitigation and contingency plans when risks or events are identified
• Assist with coordinating the identification and ranking of vendor risks
• Communicates identified risk requirements and violations to internal stakeholders (and end users within the business) and responsible vendors while supporting the response to and the addressing of these issues
• Partners with sourcing and vendor relationship/contract management functions where they are not part of this group to manage vendor behavior

A successful Global Cybersecurity Risk Analyst candidate will have the expertise and skills described below.

Education, Training and Previous Experience

Candidates will be evaluated primarily on their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows:

• Strong business background; experience gathering and interpreting risks and associated impacts in the context of financial and operational concerns
• Strong understanding of complex vendor risk-related issues through demonstrated experience managing vendor relationships, information security or regulatory compliance programs, and audits
• [4+] years of experience with regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [IS0] 27000, COBIT, National Institute of Standards and Technology [NIST] 800)
• [2+] years of work experience in information security, especially in an information senior cybersecurity risk role
• Technical background or demonstrable understanding of a range of operational and IT risks and operations
• [2+] years of experience in managing risk and compliance issues, or similar experience managing applications, projects or systems that require identification, evaluation, and remediation if risk
• BS or MA in Business, Computer Science, Information Security, or a related field

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)

Knowledge and Skills

• An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
• An ability to apply original and innovative thinking to produce new ideas.
• An understanding of organizational mission, values, goals and consistent application of this knowledge.
• Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
• Strong problem-solving and troubleshooting skills.
• An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
• An ability to effectively influence others to modify their opinions, plans or behaviors.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

Personal Characteristics (Optional)

• Can interface with, and gain the respect of, stakeholders at all levels and roles in the company.
• Is a confident, energetic self-starter, with strong interpersonal skills.
• Instinctive and creative.
• Highest ethical standards and values.
• Self-motivated and possessing a high sense of urgency and personal integrity.
• Has good judgment and a sense of urgency, and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.

• Total Rewards: The salary range for this position is $85,000 - $90,000 and is based upon years of experience that is commensurate with the level of the position.
• People: Ask any UL Solutions employee what they love most about working here, and you’ll almost always hear, “the people”. Work with colleagues, who you can listen and learn from and challenge each other so that you can continually push for excellence and results.
• Mission: For UL Solutions, corporate and social responsibility isn’t new. Making the world a safer, more secure and sustainable place has been our business model for the last 125 years and is deeply engrained in everything we do. You will shape the way we approach and deliver our solutions to promote safe living and working environments for people everywhere.
• Interesting work: Your work at UL Solutions will challenge you to try fresh approaches, be empowered to drive change and help you gain in-depth experience in your field. And as a global company, in many roles, you will get international experience working with colleagues around the world.
• Grow & achieve: Growth and development are part of our DNA. Grow & achieve with targeted development, reward and recognition programs as well as our very own UL University that offers extensive training programs for employees at all stages as well as a technical training track for applicable roles.

All employees at UL Solutions are eligible for annual bonus compensation. The target for this position is 5% of the base salary offered. Employees are eligible for health benefits such as medical, dental and vision; wellness benefits such as mental & financial health; and retirement savings (401K) commensurate with the standard rewards offered in each individual location or country, for the relevant position level.